Netvibes writes " (we found) a security vulnerability in webnotes when using a 3rd party module. A fix was due to be launched later this week, but given the recent alert, we have decided to push it today: this vulnerability is now fixed."

And as future solution Netvibes mentionned: "We will also start to introduce the user rating and the certification of modules in the Ecosystem."

So, point 2 of my first post (external modules not verified) has already been proved a real Security problem.